Malwarebytes

HELP!!!!

16 replies to this topic

#1
djdaddy

    New Member

  • Members
  • 9 posts
I came here first and did all my reading and tried a bunch of what you tell other people. My Windows Vista (32 Bit) Dell Laptop is very sick. It was redirecting whenever I tried to go to certain webpages. Then I downloaded Antivir Antivirus and whenever I tried to do the full scan it would shut down and restart with the safe mode screen. I downloaded and installed HJT but whenever I try to run it it just shuts the computer down. Now whenever I start it up it freezes as soon as the desktop appears. Even in safe mode I can't run any programs or go to any web pages that have to do with anti-virus, anti-malware, etc. I don't know what to do.

#2
djdaddy

    New Member

  • Members
  • 9 posts
bump?

#3
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 4,245 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Hello,

You must know that it is bad etiquette to 'bump' your post. And not advised to reply to your own (original) post. (Helpers may think you've been replied to.)
You said

Quote

I downloaded Antivir Antivirus

Has this system ever been without antivirus? What antivirus did you originally have?
If you have been without AV, it is quite likely you will wind up having to wipe the system and setup Vista as a new install (e.g., starting from scratch)
=
Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.
=

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, right click the icon and Run as Administrator) to start the program.
  • In the lower right corner of the Top Panel, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here


  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#4
djdaddy

    New Member

  • Members
  • 9 posts

Maurice Naggar, on Jul 26 2009, 11:29 AM, said:

Hello,

You must know that it is bad etiquette to 'bump' your post. And not advised to reply to your own (original) post. (Helpers may think you've been replied to.)

Actually, I had no idea. I figured that with all the traffic that it is easy for posts to get lost in the chaos. I was just trying to keep it toward the top until someone could respond. I don't live in Computerville. I have a full time job, DJ on the weekends, have a wife and 5 children. Computers are a necessary evil for me but I don't know all the "rules", if you will.

Here's what you asked for:


OTL logfile created on: 7/26/2009 7:13:12 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\arp\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.82 Mb Total Physical Memory | 685.48 Mb Available Physical Memory | 67.61% Memory free
2.23 Gb Paging File | 2.01 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.59 Gb Total Space | 61.86 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
Drive D: | 15.14 Gb Total Space | 10.26 Gb Free Space | 67.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARP-PC
Current User Name: arp
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/02 05:45:54 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/07/26 19:08:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\arp\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Stopped])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Stopped])
SRV - [2007/08/21 11:32:40 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Stopped])
SRV - [2007/08/21 11:32:40 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Stopped])
SRV - [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/08/21 11:32:40 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Stopped])
SRV - [2007/08/21 11:30:40 | 00,049,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost [On_Demand | Stopped])
SRV - [2006/11/07 14:27:02 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/19 01:12:35 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/08/21 11:29:56 | 00,080,504 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc [On_Demand | Stopped])
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/08/21 11:32:40 | 00,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
SRV - [2008/09/23 10:45:29 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Stopped])
SRV - [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/02/08 01:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe -- (STacSV [Auto | Stopped])
SRV - [2007/07/11 10:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2009/06/14 19:45:25 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/08/21 11:31:44 | 00,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore [Auto | Stopped])
SRV - [2008/07/19 01:21:19 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2006/11/27 18:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Stopped])
SRV - [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/11/11 19:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008/07/19 01:33:06 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Stopped])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Stopped])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\avipbb.sys -- (avipbb [System | Stopped])
DRV - [2006/11/27 18:55:54 | 00,534,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcmwl6.sys -- (BCM43XX [On_Demand | Stopped])
DRV - [2007/03/12 00:49:54 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Stopped])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/07/19 01:33:06 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/05 17:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2006/08/17 16:43:52 | 00,007,424 | --S- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv [Auto | Stopped])
DRV - [2006/11/02 03:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/05/13 08:23:24 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Stopped])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/05/13 08:23:24 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/11 19:10:40 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Stopped])
DRV - [2006/11/11 19:10:38 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Stopped])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2009/05/27 22:45:34 | 00,272,432 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20090710.001\IDSvix86.sys -- (IDSvix86 [System | Stopped])
DRV - [2006/11/15 14:07:56 | 01,473,024 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Stopped])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008/03/11 16:37:30 | 00,143,624 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\DRIVERS\mausb.sys -- (MAUSBFTP [On_Demand | Stopped])
DRV - [2006/11/11 19:10:40 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Stopped])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/09/23 10:45:32 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2008/09/23 10:45:31 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2009/07/25 02:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090725.003\NAVENG.SYS -- (NAVENG [On_Demand | Stopped])
DRV - [2009/07/25 02:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090725.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Stopped])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/07/26 04:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 03:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2006/11/20 15:13:56 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2006/11/20 15:13:58 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2006/11/20 15:13:58 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Stopped])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2007/04/14 02:49:32 | 00,418,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Stopped])
DRV - [2007/11/30 23:57:12 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2007/11/30 23:57:12 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Stopped])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Stopped])
DRV - [2007/02/08 01:11:04 | 00,647,680 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Stopped])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2008/10/03 14:14:08 | 00,012,848 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS [On_Demand | Stopped])
DRV - [2009/06/15 12:12:48 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,146,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS [On_Demand | Stopped])
DRV - [2008/10/03 14:14:12 | 00,037,936 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Stopped])
DRV - [2008/10/03 14:14:10 | 00,187,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Stopped])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/17 19:52:38 | 00,179,256 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2006/11/02 04:55:04 | 00,071,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2008/07/19 01:33:06 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/11/11 19:10:38 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Stopped])
DRV - [2006/11/11 19:10:40 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nogreaterjoy.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/14 15:09:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/17 19:03:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/17 22:11:45 | 00,000,000 | ---D | M]

[2009/06/14 13:02:13 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\mozilla\Extensions
[2009/06/14 13:02:13 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/14 13:02:13 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\mozilla\Firefox\Profiles\6yvb1knh.default\extensions
[2009/06/14 13:01:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/14 13:01:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/02 23:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/02 23:00:59 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/02 23:01:00 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/02 19:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 19:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 19:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 19:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 19:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 19:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 19:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab (Symantec Configuration Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.150,85.255.112.69
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14ef5952-51f5-11de-a7b3-0019b967506a}\Shell\AutoRun\command - "" = F:\.\EncryptionTool\MaxtorEncryption.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/26 19:10:41 | 00,065,024 | ---- | C] () -- C:\Windows\System32\drivers\newmabbduusrtiec.sys
[2009/07/26 19:10:18 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/07/26 19:08:20 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\arp\Desktop\OTL.exe
[2009/07/26 18:28:42 | 00,000,539 | ---- | C] () -- C:\Users\arp\Desktop\HijackThis.lnk
[2009/07/25 23:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/25 23:31:59 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\arp\Desktop\HJTInstall.exe
[2009/07/25 23:31:46 | 00,056,342 | ---- | C] () -- C:\Users\arp\Desktop\3001-8022_4-10227353.html
[2009/07/25 22:10:24 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/25 22:09:57 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/07/25 22:09:57 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/07/25 22:09:56 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/07/25 22:09:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/07/25 22:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/25 22:00:18 | 03,150,619 | ---- | C] () -- C:\Users\arp\Desktop\ComboFix.exe
[2009/07/25 21:50:41 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/25 21:50:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/25 21:50:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/25 21:50:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/25 21:50:41 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/25 21:50:41 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/25 21:50:41 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/25 21:50:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/25 21:50:39 | 00,000,000 | --SD | C] -- C:\fixme
[2009/07/25 21:50:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/25 21:50:38 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF24725.exe
[2009/07/25 21:49:52 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF24578.exe
[2009/07/25 21:49:52 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2009/07/25 21:49:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/25 21:47:10 | 19,386,6768 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/07/25 21:30:14 | 32,299,960 | ---- | C] () -- C:\Users\arp\Desktop\avira_antivir_personal_en.exe
[2009/07/25 20:52:54 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/25 20:52:51 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/25 20:52:49 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/25 20:52:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/25 20:52:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/24 23:54:33 | 00,000,254 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/24 23:53:56 | 00,062,813 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2009/07/20 01:22:10 | 00,356,864 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
[2009/07/20 01:22:10 | 00,252,424 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\Windows\System32\M-AudioFastTrackProControlPanelApplet.cpl
[2009/07/20 01:22:10 | 00,143,624 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\drivers\mausb.sys
[2009/07/20 01:22:09 | 02,519,712 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\madiousb.dll
[2009/07/20 01:22:09 | 00,028,680 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\mausbasio.dll
[2009/07/20 01:21:34 | 00,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2009/07/20 01:21:29 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Roaming\InstallShield
[2009/07/20 01:17:47 | 04,267,520 | ---- | C] (Macrovision Corporation) -- C:\Users\arp\Desktop\FTP_V32_5.10.00.5119v2.exe
[2009/07/20 00:45:12 | 00,000,968 | ---- | C] () -- C:\Users\arp\Desktop\Service Center.lnk
[2009/07/20 00:39:40 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Local\Native Instruments
[2009/07/20 00:37:57 | 54,473,768 | ---- | C] () -- C:\Users\arp\Desktop\Traktor 3 LE 3.3.2 Setup.exe
[2009/07/16 19:30:37 | 00,001,612 | ---- | C] () -- C:\Users\arp\Documents\songlist.rtf
[2009/07/16 19:06:27 | 05,074,718 | ---- | C] () -- C:\Users\arp\Documents\Young Jeezy feat. Akon - Soul Survivor (Promo Only Clean E.mp3
[2009/07/16 19:06:26 | 04,198,118 | ---- | C] () -- C:\Users\arp\Documents\Young Gunz Chingy - Can't Stop, Won't Stop (Remix).mp3
[2009/07/16 19:06:24 | 06,403,781 | ---- | C] () -- C:\Users\arp\Documents\Young Dro ft. T.I.- shoulder lean (clean).mp3
[2009/07/16 19:06:22 | 08,331,331 | ---- | C] () -- C:\Users\arp\Documents\Young Buck - Shorty Wanna Ride (radio edit).mp3
[2009/07/16 19:06:20 | 05,487,872 | ---- | C] () -- C:\Users\arp\Documents\Ying Yang Twins ft Mike Jones - Badd (Clean).mp3
[2009/07/16 19:06:17 | 05,760,775 | ---- | C] () -- C:\Users\arp\Documents\Ying Yang Twins ft.Pitbull - Shake (clean).mp3
[2009/07/15 03:06:45 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/07/15 03:06:44 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/07/15 03:06:43 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/07/15 03:06:42 | 00,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2009/07/15 03:06:42 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
[2009/07/15 03:06:42 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/07/08 17:56:42 | 00,000,000 | -H-D | C] -- C:\ProgramData\{4CE04D88-061C-4755-BC63-CF32D41615A4}
[2009/07/08 17:56:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2009/07/06 16:16:12 | 00,000,735 | ---- | C] () -- C:\Users\Public\Desktop\Last Train to Blue Moon Canyon.lnk
[2009/07/05 21:58:55 | 00,000,000 | ---D | C] -- C:\Users\arp\Documents\My PSP Files
[2009/07/05 21:39:33 | 00,005,831 | ---- | C] () -- C:\Users\arp\Documents\warrencontract.rtf
[2009/07/05 21:32:14 | 00,005,746 | ---- | C] () -- C:\Users\arp\Documents\nicolecontract.rtf
[2009/07/05 15:34:51 | 00,005,453 | ---- | C] () -- C:\Users\arp\Documents\djcontract.rtf
[2009/07/05 15:26:36 | 00,019,238 | ---- | C] () -- C:\Users\arp\Documents\receptionplanner.rtf
[2009/07/05 15:25:51 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\NX300 Series Information Center.lnk
[2009/07/05 15:23:20 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/07/05 15:21:58 | 00,001,950 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2009/07/05 15:21:55 | 00,000,000 | ---D | C] -- C:\ProgramData\UDL
[2009/07/05 15:21:04 | 00,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2009/07/05 15:20:34 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK2.dll
[2009/07/05 15:20:34 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICEntry.dll
[2009/07/05 15:20:34 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\PICSDK.dll
[2009/07/05 15:20:34 | 00,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/07/05 15:20:34 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicPrt.dll
[2009/07/05 15:20:34 | 00,051,360 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\EpPicMgr.dll
[2009/07/05 15:20:34 | 00,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/07/05 15:20:34 | 00,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/07/05 15:20:34 | 00,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/07/05 15:20:34 | 00,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/07/05 15:20:34 | 00,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/07/05 15:20:34 | 00,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/07/05 15:20:34 | 00,012,669 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2009/07/05 15:20:34 | 00,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/07/05 15:20:34 | 00,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2009/07/05 15:20:34 | 00,006,366 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2009/07/05 15:20:34 | 00,006,226 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2009/07/05 15:20:34 | 00,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/07/05 15:20:34 | 00,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/07/05 15:20:34 | 00,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/07/05 15:20:34 | 00,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/07/05 15:20:34 | 00,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/07/05 15:20:34 | 00,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/07/05 15:20:34 | 00,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/07/05 15:20:34 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/05 15:20:33 | 00,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2009/07/05 15:20:33 | 00,006,478 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2009/07/05 15:17:45 | 00,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FLBEJA.DLL
[2009/07/05 15:17:44 | 00,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\E_FD4BEJA.DLL
[2009/07/05 15:17:14 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/07/05 15:15:34 | 00,000,767 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2009/07/05 15:15:32 | 00,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\System32\escwiad.dll
[2009/07/05 15:15:19 | 00,000,000 | ---D | C] -- C:\Program Files\epson
[2009/07/05 15:14:08 | 00,000,044 | ---- | C] () -- C:\Windows\EPSNX300.ini
[2009/07/04 12:41:38 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Local\Powercinema
[2009/07/04 03:42:30 | 00,002,251 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Music Jukebox.lnk
[2009/07/04 03:11:34 | 00,000,000 | ---D | C] -- C:\Users\arp\Desktop\songs
[2009/06/29 18:22:54 | 00,001,665 | ---- | C] () -- C:\Users\arp\Documents\budget0709.rtf
[2009/06/17 18:14:15 | 00,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/03/14 05:33:00 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/07/19 01:44:07 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2008/07/19 01:44:07 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2008/07/19 01:44:07 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/07/19 01:44:07 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2008/07/19 01:43:55 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/19 01:43:47 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/21 00:02:32 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/21 00:02:32 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/11/29 16:08:30 | 00,127,059 | ---- | C] ( ) -- C:\Windows\System32\DSLLK189.dll

========== Files - Modified Within 30 Days ==========

[2009/07/26 19:11:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/26 19:11:22 | 19,386,6768 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/26 19:10:41 | 00,065,024 | ---- | M] () -- C:\Windows\System32\drivers\newmabbduusrtiec.sys
[2009/07/26 19:08:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\arp\Desktop\OTL.exe
[2009/07/26 19:05:25 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/26 19:05:25 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/26 19:05:24 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/26 19:01:00 | 00,000,254 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/26 18:59:37 | 00,000,427 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/07/26 18:59:21 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:59:21 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/26 18:59:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/26 18:35:35 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C274274C-00E4-4C0A-8439-CA19CA6D84F4}.job
[2009/07/26 18:28:42 | 00,000,539 | ---- | M] () -- C:\Users\arp\Desktop\HijackThis.lnk
[2009/07/25 23:32:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\arp\Desktop\HJTInstall.exe
[2009/07/25 23:31:47 | 00,056,342 | ---- | M] () -- C:\Users\arp\Desktop\3001-8022_4-10227353.html
[2009/07/25 22:10:24 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/25 22:02:16 | 03,150,619 | ---- | M] () -- C:\Users\arp\Desktop\ComboFix.exe
[2009/07/25 21:50:32 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF24725.exe
[2009/07/25 21:49:46 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF24578.exe
[2009/07/25 21:43:45 | 32,299,960 | ---- | M] () -- C:\Users\arp\Desktop\avira_antivir_personal_en.exe
[2009/07/25 21:16:58 | 00,012,288 | ---- | M] () -- C:\Users\arp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 21:00:02 | 00,000,396 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2009/07/25 20:52:54 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/24 23:53:56 | 00,062,813 | ---- | M] () -- C:\Program Files\Uninstall.exe
[2009/07/20 01:19:17 | 04,267,520 | ---- | M] (Macrovision Corporation) -- C:\Users\arp\Desktop\FTP_V32_5.10.00.5119v2.exe
[2009/07/20 00:45:12 | 00,000,968 | ---- | M] () -- C:\Users\arp\Desktop\Service Center.lnk
[2009/07/20 00:38:01 | 54,473,768 | ---- | M] () -- C:\Users\arp\Desktop\Traktor 3 LE 3.3.2 Setup.exe
[2009/07/20 00:37:07 | 00,001,665 | ---- | M] () -- C:\Users\arp\Documents\budget0709.rtf
[2009/07/16 19:30:37 | 00,001,612 | ---- | M] () -- C:\Users\arp\Documents\songlist.rtf
[2009/07/16 03:11:28 | 00,321,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\Windows\PEV.exe
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/06 23:10:38 | 00,005,831 | ---- | M] () -- C:\Users\arp\Documents\warrencontract.rtf
[2009/07/06 16:16:12 | 00,000,735 | ---- | M] () -- C:\Users\Public\Desktop\Last Train to Blue Moon Canyon.lnk
[2009/07/05 22:13:04 | 00,005,746 | ---- | M] () -- C:\Users\arp\Documents\nicolecontract.rtf
[2009/07/05 15:34:51 | 00,005,453 | ---- | M] () -- C:\Users\arp\Documents\djcontract.rtf
[2009/07/05 15:34:12 | 00,000,044 | ---- | M] () -- C:\Windows\EPSNX300.ini
[2009/07/05 15:26:36 | 00,019,238 | ---- | M] () -- C:\Users\arp\Documents\receptionplanner.rtf
[2009/07/05 15:25:51 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\NX300 Series Information Center.lnk
[2009/07/05 15:21:58 | 00,001,950 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2009/07/05 15:15:34 | 00,000,767 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2009/07/04 03:42:31 | 00,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Music Jukebox.lnk

========== LOP Check ==========

[2009/07/20 01:21:29 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming
[2009/07/06 22:46:20 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Corel
[2009/07/04 12:41:38 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\CyberLink
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Media Center Programs
[2009/06/14 12:56:00 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Motive
[2009/06/14 21:40:26 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Move Networks
[2009/06/23 21:48:43 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\MusicNet
[2009/07/14 01:25:27 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\ZoomBrowser EX
[2009/07/25 21:00:02 | 00,000,396 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2009/07/26 18:59:05 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/25 15:52:26 | 00,022,210 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/26 18:35:35 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C274274C-00E4-4C0A-8439-CA19CA6D84F4}.job
[2009/07/26 19:01:00 | 00,000,254 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

========== Purity Check ==========


< End of report >


----------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 7/26/2009 7:13:12 PM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\arp\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.82 Mb Total Physical Memory | 685.48 Mb Available Physical Memory | 67.61% Memory free
2.23 Gb Paging File | 2.01 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.59 Gb Total Space | 61.86 Gb Free Space | 65.40% Space Free | Partition Type: NTFS
Drive D: | 15.14 Gb Total Space | 10.26 Gb Free Space | 67.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARP-PC
Current User Name: arp
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16CD7F9A-ECE4-4EC3-AFA2-3E3AF2E37D85}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1F314888-F903-4BCF-97F2-61236B9FC441}" = rport=139 | protocol=6 | dir=out | app=system |
"{203FB534-06DE-495D-A71D-EC3C493F8AE2}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{351B825B-6FC2-4789-BFE5-1862796CB239}" = lport=138 | protocol=17 | dir=in | app=system |
"{4509E70B-C977-482E-B317-FE6360DA5063}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{46B30B4F-A3DD-4B13-81D3-B35591A0FDFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{57A25D49-A013-4C04-932F-4DC192139D8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7756E6D7-AC5B-43A1-B4BA-803EC0AEE102}" = rport=138 | protocol=17 | dir=out | app=system |
"{905E09E0-77DA-49A2-B041-BF93193AADF4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A857F459-58ED-449F-BE90-18240E02BBB7}" = lport=445 | protocol=6 | dir=in | app=system |
"{B06B383D-0646-42D6-9A19-3849FF4E4C4B}" = lport=139 | protocol=6 | dir=in | app=system |
"{B0979EC2-11DB-473E-8CB1-CBB2AB36767C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BA9A50B1-F4A3-432A-8390-3187A7C4067B}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C92DC65E-7A2C-4B54-9659-8871C60EFFC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBFC6D23-9B7E-4F87-867F-576B13C39D9D}" = rport=445 | protocol=6 | dir=out | app=system |
"{D8271449-1336-4274-B0B5-24BAC602C67E}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7CB93B9-AFE9-4804-B0F0-F22B0875C229}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE31E654-7453-44A0-98FC-7294C8D2C833}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10700C39-ABF8-4552-AD95-3F736095EFF7}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{11260300-962F-45F3-B0AC-4D9BAD36AA79}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1BCDE656-AE04-4769-9B9B-0B16D4EA382F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E93D2F8-57F8-4D71-B3A1-C7D8D0279723}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{30A8A762-4BE0-4C40-983A-014D512473D4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{378635C1-C5CD-458E-B2FB-90C5F6A4A1F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3FE2377C-08B7-4A6F-BCD8-AE6254E63BB5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{465BD7B5-95A6-4F4F-9DFA-AEE3F5D834ED}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{55EC3352-6666-45B1-A945-0DA3CB0ED515}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5B49C03C-CC73-40F2-B8FF-2E1A9A8E82CB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{76EF83F5-AB27-4986-990D-801F8734A7B2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{77EBE60A-EB82-4C4A-9D7B-F3219A0DD95D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{91063CB6-425A-4143-BFAB-17ACA88AF974}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{922AB2D1-8C84-4721-A187-25D5A5F25E1D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{93FFBD7C-027A-4E7F-8A5B-4C7FD7F14CD7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CE230D5D-D208-4E8D-ADEE-62D20E92E54F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E398E051-96A5-414E-9FB3-4CA56D0DD946}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06874C62-EC70-4275-9F30-BD81969993A8}" = Nancy Drew: Secret of Shadow Ranch
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{2AF302EE-AE22-44F6-8D79-3A734FC2F442}" = SymNet
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon Camera WIA Driver
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3E67F68D-3797-4B6A-B02C-27BC98DFEBDA}" = Fast Track Pro
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{56AB063D-1450-4BDE-9F0D-E9C693429C51}" = netbrdg
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70D1416D-C0FF-461C-8AF3-71B98C7F5CA4}" = Nancy Drew: Secret of the Old Clock
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{ABCB1D8F-88C6-4D10-8428-5E13FC96A1F3}" = Symantec Real Time Storage Protection Component
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EB7A3B64-1373-48AC-902E-F6643F074E3C}" = Nancy Drew: Last Train to Blue Moon Canyon
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.0
"EOS Utility" = Canon Utilities EOS Utility
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}" = Canon EOS Kiss_N REBEL_XT 350D WIA Driver
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"Numark Cue LE (Atomix Productions)" = Numark Cue LE (Atomix Productions)
"ODSK" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2009 10:23:21 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/25/2009 11:21:39 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/25/2009 11:24:34 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/25/2009 11:34:03 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/26/2009 6:26:59 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/26/2009 6:42:37 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/26/2009 6:55:27 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/26/2009 6:59:15 PM | Computer Name = arp-PC | Source = Avira AntiVir | ID = 4122
Description = Unable to load file <AVEvtLog>. Returned error code:

Error - 7/26/2009 7:01:14 PM | Computer Name = arp-PC | Source = System Restore | ID = 8207
Description =

Error - 7/26/2009 7:12:17 PM | Computer Name = arp-PC | Source = EventSystem | ID = 4609
Description =

[ Broadcom Wireless LAN Events ]
Error - 3/16/2009 1:28:09 PM | Computer Name = arp-PC | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
Adapter Manager Container)

Error - 3/16/2009 1:29:46 PM | Computer Name = arp-PC | Source = WLAN-Tray | ID = 0
Description = 12:29:46, Mon, Mar 16, 09 Error - Unable to switch user context, authentication
information not set correctly

[ System Events ]
Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:48:48 PM | Computer Name = arp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/25/2009 9:50:18 PM | Computer Name = arp-PC | Source = DCOM | ID = 10005
Description =


< End of report >

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Results of screen317's Security Check version 0.98.5
Windows Vista
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Norton AntiVirus
Norton Internet Security (Symantec Corporation)
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security


Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.1
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

#5
Maurice Naggar

The logs show 2 antivirus apps: Norton AntiVirus & Avira AntiVir. Having 2 active AV programs at the same time is not a good idea; plus it leads to conflicts and makes it harder to remove infections.
IF you have purchased Norton AntiVirus AND the license is current (not expired), then de-install Avira.
On the other hand, if you never purchased Norton or that is a free trial, then remove Norton and keep Avira.
When that is done and sorted out, Logoff and Restart the system fresh.

=

I need to know your recent history of attempts at cleanup.
Have you been getting guided help at another forum? If so, where?
If not, have you run Combofix on your own?

Do not run any tools without guided help.

=
Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> here <<<
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • This fix may prove temporary. Active malware may revert these changes at your next startup. You can safely run the utility again.

=
Get, save, and then run this tool from F-Secure
Save the ZIP file to your Desktop, and unzip the contents.
Make sure if you have any open work, to save your work, and close all your open windows.
In the process of running this tool, restarts may be required.

Run the exe.

Advise me of what results are given by the tool.

=
  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Windows\System32\drivers\newmabbduusrtiec.sys
    C:\recycler
    D:\recycler
    e:\recycler
    f:\recycler
    g:\recycler
    h:\recycler
    
    :Commands
    [purity]
    [emptytemp]
    [reboot]

  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.

  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

=

Please download & save Malwarebytes Anti-Malware from
http://www.download.com/Malwarebytes-Anti-..._4-10804572.htm or
http://www.besttechi.../mbam-setup.exe or
http://malwarebytes.gt500.org/mbam.jsp

Locate the saved download of mbam-setup.exe. Do a RIGHT-Click on it. Select Rename and rename it to
Tango.exe

Do a RIGHT-Click on Tango.exe and select "Run as Administrator" to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select Perform Quick Scan, then click Scan.

  • The scan may take some time to finish, so please be patient.

  • When the scan is complete, click OK, then Show Results to view the results.

  • Make sure that everything is checked, and click Remove Selected.

  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Reply with a copy of the OTL MovedFiles log
and the MBAM scan log
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#6
djdaddy


Maurice Naggar, on Jul 27 2009, 04:55 AM, said:

I need to know your recent history of attempts at cleanup.
Have you been getting guided help at another forum? if so, where?
If not, have you run Combofix on your own ??

I have not been getting help elsewhere. Whenever I try to run Combofix I get a box that says "Combofix has stopped working".

Maurice Naggar, on Jul 27 2009, 04:55 AM, said:

Reply with a copy of the OTL MovedFiles log

All processes killed
========== FILES ==========
C:\Windows\System32\drivers\newmabbduusrtiec.sys moved successfully.
File\Folder C:\recycler not found.
File\Folder D:\recycler not found.
File\Folder e:\recycler not found.
File\Folder f:\recycler not found.
File\Folder g:\recycler not found.
File\Folder h:\recycler not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: arp
->Temp folder emptied: 197508705 bytes
->Temporary Internet Files folder emptied: 27457203 bytes
->Java cache emptied: 1044745 bytes
->FireFox cache emptied: 39684573 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 68781854 bytes
RecycleBin emptied: 6307524 bytes

Total Files Cleaned = 325.00 mb


OTL by OldTimer - Version 3.0.10.3 log created on 07272009_202854

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Maurice Naggar, on Jul 27 2009, 04:55 AM, said:

and the MBAM scan log

I downloaded, renamed, installed and attempted to run. I get the message "Malwarebytes Anti-Malware has stopped working" before it actually does anything. I tried it several times.

#7
Maurice Naggar

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now! Delete the one on your Desktop (with the red lion icon).

Download the latest Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • RIGHT-click on Combo-Fix.exe and select Run as Administrator to start it & follow the prompts.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

IF you should see a message like this:
then be sure to write it down fully, copy it into your next reply here, and then await my response.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.
=

RE-Enable your AntiVirus and AntiSpyware applications.

Reply with a copy of C:\Combofix.txt
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#8
djdaddy


Maurice Naggar, on Jul 28 2009, 07:27 AM, said:

IF you should see a message like this:
then be sure to write it down fully, copy it into your next reply here, and then await my response.

C:\Windows\system32\drivers\ESQULobqbjooequmopqmaljbcbitfssgupket.sys
C:\Windows\system32\ESQULkabygsswihtwamefukcpjpvspocjkshn.dll
C:\Windows\system32\ESQULnebwfojubpmajmxooyxdxtprputgajpe.dll


Maurice Naggar, on Jul 28 2009, 07:27 AM, said:

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

ComboFix 09-07-28.01 - arp 07/28/2009 19:36.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.162 [GMT -4:00]
Running from: c:\users\arp\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-449137305-1149123222-1216592111-500
c:\users\arp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\windows\system32\drivers\ESQULobqbjooequmopqmaljbcbitfssgupket.sys
c:\windows\system32\ESQULkabygsswihtwamefvkcpjpvspocjkshn.dll
c:\windows\system32\ESQULnebwfojubpmajmxooyxdxtprputgajpe.dll
c:\windows\system32\ESQULzcounter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 23:47 . 2009-07-28 23:49 -------- d-----w- c:\users\arp\AppData\Local\temp
2009-07-28 00:49 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 00:49 . 2009-07-28 00:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 00:49 . 2009-07-28 00:49 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-28 00:49 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 00:28 . 2009-07-28 00:28 -------- d-----w- C:\_OTL
2009-07-27 23:35 . 2009-07-27 23:35 26624 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-27 11:56 . 2009-07-27 23:27 5568 ----a-w- c:\users\arp\AppData\Local\d3d9caps.dat
2009-07-26 23:10 . 2009-07-26 23:10 -------- d-----w- c:\windows\Sun
2009-07-26 03:34 . 2009-07-26 03:34 -------- d-----w- c:\program files\Trend Micro
2009-07-26 02:09 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-26 02:09 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-26 02:09 . 2009-07-26 02:09 -------- d-----w- c:\program files\Avira
2009-07-26 02:09 . 2009-07-26 02:09 -------- d-----w- c:\progra~2\Avira
2009-07-26 01:50 . 2009-07-26 01:51 -------- d-s---w- C:\fixme
2009-07-25 03:53 . 2009-07-25 03:53 62813 ----a-w- c:\program files\Uninstall.exe
2009-07-20 05:22 . 2008-05-15 21:45 356864 ----a-w- c:\windows\system32\M-AudioTaskBarIcon.exe
2009-07-20 05:22 . 2008-03-11 20:37 143624 ----a-w- c:\windows\system32\drivers\mausb.sys
2009-07-20 05:22 . 2008-03-11 20:37 28680 ----a-w- c:\windows\system32\mausbasio.dll
2009-07-20 05:22 . 2008-03-11 20:37 2519712 ----a-w- c:\windows\system32\madiousb.dll
2009-07-20 05:21 . 2009-07-20 05:21 -------- d-----w- c:\program files\M-Audio
2009-07-20 05:21 . 2009-07-20 05:21 -------- d-----w- c:\users\arp\AppData\Roaming\InstallShield
2009-07-20 04:39 . 2009-07-20 04:39 -------- d-----w- c:\users\arp\AppData\Local\Native Instruments
2009-07-15 07:06 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:06 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:06 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 07:06 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:06 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:06 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-08 21:56 . 2009-07-08 21:56 -------- dc-h--w- c:\progra~2\{4CE04D88-061C-4755-BC63-CF32D41615A4}
2009-07-08 21:56 . 2009-07-08 21:56 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-07-05 19:23 . 2009-07-05 19:24 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2009-07-05 19:21 . 2009-07-05 19:21 -------- d-----w- c:\progra~2\UDL
2009-07-05 19:21 . 2009-07-05 19:21 -------- d-----w- c:\program files\Epson Software
2009-07-05 19:17 . 2007-12-07 01:08 86528 ----a-w- c:\windows\system32\E_FLBEJA.DLL
2009-07-05 19:17 . 2007-12-07 01:01 78848 ----a-w- c:\windows\system32\E_FD4BEJA.DLL
2009-07-05 19:17 . 2009-07-05 19:19 -------- d-----w- c:\progra~2\EPSON
2009-07-05 19:15 . 2007-07-13 04:00 71680 ----a-w- c:\windows\system32\escwiad.dll
2009-07-05 19:15 . 2009-07-05 19:25 -------- d-----w- c:\program files\epson
2009-07-04 16:41 . 2009-07-04 17:37 -------- d-----w- c:\users\arp\AppData\Local\Powercinema

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-27 12:29 . 2009-03-14 09:42 -------- d-----w- c:\program files\Symantec
2009-07-27 12:29 . 2009-03-14 09:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-27 12:24 . 2009-03-14 09:42 -------- d-----w- c:\progra~2\Symantec
2009-07-20 05:22 . 2009-03-14 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-16 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-14 05:25 . 2009-06-21 06:59 -------- d-----w- c:\users\arp\AppData\Roaming\ZoomBrowser EX
2009-07-14 05:20 . 2009-06-21 06:32 -------- d-----w- c:\progra~2\ZoomBrowser
2009-07-08 21:56 . 2009-06-13 02:40 -------- d-----w- c:\program files\Native Instruments
2009-07-07 02:46 . 2009-06-15 21:05 -------- d-----w- c:\users\arp\AppData\Roaming\Corel
2009-07-06 19:59 . 2009-06-17 20:43 -------- d-----w- c:\program files\Nancy Drew
2009-07-04 16:41 . 2009-06-05 17:14 -------- d-----w- c:\users\arp\AppData\Roaming\CyberLink
2009-06-24 01:48 . 2009-06-24 01:48 -------- d-----w- c:\users\arp\AppData\Roaming\MusicNet
2009-06-21 06:45 . 2009-06-21 06:26 -------- d-----w- c:\program files\Canon
2009-06-21 06:25 . 2009-06-21 06:19 -------- d-----w- c:\program files\Common Files\Canon
2009-06-18 02:11 . 2009-06-16 01:07 -------- d-----w- c:\program files\QuickTime
2009-06-17 23:09 . 2009-06-17 23:09 -------- d-----w- c:\users\arp\AppData\Roaming\Apple Computer
2009-06-17 23:09 . 2009-06-17 23:08 -------- d-----w- c:\program files\iTunes
2009-06-17 23:09 . 2009-06-17 23:08 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-17 23:08 . 2009-06-17 23:08 -------- d-----w- c:\program files\iPod
2009-06-17 23:08 . 2009-06-17 22:55 -------- d-----w- c:\program files\Common Files\Apple
2009-06-17 23:08 . 2009-06-17 23:02 -------- d-----w- c:\progra~2\Apple Computer
2009-06-17 23:04 . 2009-06-17 23:04 -------- d-----w- c:\program files\Bonjour
2009-06-17 22:58 . 2009-06-17 22:58 -------- d-----w- c:\program files\Apple Software Update
2009-06-17 22:55 . 2009-06-17 22:55 -------- d-----w- c:\progra~2\Apple
2009-06-16 01:10 . 2009-06-16 01:00 -------- d-----w- c:\progra~2\Kodak
2009-06-16 01:05 . 2009-06-16 01:05 -------- d-----w- c:\program files\Common Files\Kodak
2009-06-16 01:05 . 2009-06-16 01:02 -------- d-----w- c:\program files\Kodak
2009-06-15 01:40 . 2009-06-15 00:09 -------- d-----w- c:\users\arp\AppData\Roaming\Move Networks
2009-06-15 01:01 . 2009-06-15 01:00 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-15 00:09 . 2009-06-15 00:09 127877 ----a-w- c:\users\arp\AppData\Roaming\Move Networks\uninstall.exe
2009-06-15 00:09 . 2009-05-01 06:30 4183416 ----a-w- c:\users\arp\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
2009-06-14 17:57 . 2009-06-14 17:57 -------- d-----w- c:\program files\BellSouth
2009-06-14 16:56 . 2009-06-14 16:35 -------- d-----w- c:\users\arp\AppData\Roaming\Motive
2009-06-14 16:34 . 2009-06-14 16:34 -------- d-----w- c:\program files\ATT-HSI
2009-06-14 16:34 . 2009-06-14 16:33 -------- d-----w- c:\program files\Common Files\Motive
2009-06-14 16:32 . 2009-06-14 16:32 -------- d-----w- c:\progra~2\Motive
2009-06-13 02:19 . 2009-06-13 02:19 -------- d-----w- c:\users\arp\AppData\Roaming\AdobeUM
2009-06-13 02:15 . 2009-03-16 17:29 82016 ----a-w- c:\users\arp\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-12 23:06 . 2009-06-12 23:05 -------- d-----w- c:\program files\Numark Cue
2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-09 05:50 . 2009-06-14 23:41 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-14 23:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\users\arp\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-30 12:42 . 2009-06-14 16:59 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-30 12:06 . 2009-06-14 16:59 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:02 . 2009-06-14 16:59 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-06-03 03:00 . 2009-06-14 17:01 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-07-19 05:33 . 2008-07-19 05:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-07-19 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-07-19 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2008-05-15 356864]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-14 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-2-20 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E398E051-96A5-414E-9FB3-4CA56D0DD946}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{3FE2377C-08B7-4A6F-BCD8-AE6254E63BB5}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{10700C39-ABF8-4552-AD95-3F736095EFF7}"= UDP:c:\program files\ATT-HSI\McciBrowser.exe:motivebrowser.exe
"{91063CB6-425A-4143-BFAB-17ACA88AF974}"= TCP:c:\program files\ATT-HSI\McciBrowser.exe:motivebrowser.exe
"{1BCDE656-AE04-4769-9B9B-0B16D4EA382F}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{55EC3352-6666-45B1-A945-0DA3CB0ED515}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{465BD7B5-95A6-4F4F-9DFA-AEE3F5D834ED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1E93D2F8-57F8-4D71-B3A1-C7D8D0279723}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{922AB2D1-8C84-4721-A187-25D5A5F25E1D}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{77EBE60A-EB82-4C4A-9D7B-F3219A0DD95D}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [7/27/2009 7:35 PM 26624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/25/2009 10:09 PM 108289]
S3 MAUSBFTP;Service for M-Audio Fast Track Pro (WDM);c:\windows\System32\drivers\mausb.sys [7/20/2009 1:22 AM 143624]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nogreaterjoy.org/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\arp\AppData\Roaming\Mozilla\Firefox\Profiles\6yvb1knh.default\
FF - plugin: c:\users\arp\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
.

**************************************************************************

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 19:49
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\arp\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\SigmaTel\C-Major Audio\WDM\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-28 19:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-28 23:56

Pre-Run: 66,465,755,136 bytes free
Post-Run: 66,016,985,088 bytes free

276 --- E O F --- 2009-07-22 00:17

#9
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 4,245 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Combofix has removed a rootkit infection. I'd like for you to follow up with:

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2524 or later. The latest program version is 1.39 (released July 13)

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.


Next, download and run the Trend Micro Sysclean Package on your computer.
NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.
  • Create a brand new folder to copy these files to.
  • As an example: C:\DCE
  • Then open each of the zipped archive files and copy their contents to C:\DCE
  • Copy the file sysclean.com to the new folder C:\DCE as well.
  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.
How To Use Compressed (Zipped) Folders in Windows XP
Compress and uncompress files (zip files) in Vista

=

Next, See this topic in the AumHa Security Tools Updates forum and get the latest Java runtime from Sun
http://aumha.net/vie...hp?f=26&t=41464

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: 1.6.0_15

=

Download the latest version of HijackThis Installer

Save the HJT Installer to your desktop or the folder of your choice, then navigate to that folder and double-click HJTInstall.exe to start the installation.

When the Trend Micro HJT install box appears, click Install.

HijackThis (HJT) will be installed in the C:\Program Files\Trend Micro\HijackThis folder by default and a desktop shortcut will be created.

Start HijackThis. Do a Scan and Save log.

=
Reply with copy of MBAM scan log
and the Sysclean log
and the HijackThis log
and advise me, How is your system now ?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#10
djdaddy

    New Member

  • Members
  • 9 posts

Maurice Naggar, on Jul 29 2009, 02:21 AM, said:

Reply with copy of MBAM scan log

Malwarebytes' Anti-Malware 1.39
Database version: 2526
Windows 6.0.6000

7/29/2009 12:17:45 PM
mbam-log-2009-07-29 (12-17-45).txt

Scan type: Quick Scan
Objects scanned: 80552
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Maurice Naggar, on Jul 29 2009, 02:21 AM, said:

and the Sysclean log

2009-07-29, 13:11:57, Auto-clean mode specified.
2009-07-29, 13:11:57, Running scanner "C:\DCE\TSC.BIN"...
2009-07-29, 13:12:15, Scanner "C:\DCE\TSC.BIN" has finished running.
2009-07-29, 13:12:15, TSC Log:

Damage Cleanup Engine (DCE) 6.1 (Build 1027) (RCM: Driver not ready!)

Windows Vista (Build 6000: )

Start time: Wed Jul 29 2009 13:11:58

Load Damage Cleanup Template (DCT) "C:\DCE\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\DCE\tsc.ptn" (version 1052) [success]

Complete time: Wed Jul 29 2009 13:12:15

Execute pattern count (3061), Virus found count (0), Virus clean count (0), Clean failed count (0)





2009-07-29, 13:12:15, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-07-29, 17:10:18, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-07-29, 17:10:18, VSCANTM Log:

2009-07-29, 17:10:18, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/29/2009 13:12:15
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 327 (467822/467822 Patterns) (2009/07/28) (632700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.327

C:\Qoobox\Quarantine\C\Windows\System32\drivers\ESQULobqbjooequmopqmaljbcbitfssgupket.sys.vir [BKDR_TDSS.Z]
106338 files have been read.
106338 files have been checked.
106227 files have been scanned.
151464 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/29/2009 17:10:18 3 hours 58 minutes 1 second (14281.63 seconds) has elapsed.(134.304 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-29, 17:10:18, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/29/2009 13:12:15
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 327 (467822/467822 Patterns) (2009/07/28) (632700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.327

106338 files have been read.
106338 files have been checked.
106227 files have been scanned.
151464 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/29/2009 17:10:18 3 hours 58 minutes 1 second (14281.63 seconds) has elapsed.(134.304 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-29, 17:10:18, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/29/2009 13:12:15
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 327 (467822/467822 Patterns) (2009/07/28) (632700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR C:\*.* /P=C:\DCE\lpt$vpn.327

106338 files have been read.
106338 files have been checked.
106227 files have been scanned.
151464 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/29/2009 17:10:18 3 hours 58 minutes 1 second (14281.63 seconds) has elapsed.(134.304 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-29, 17:10:18, Running scanner "C:\DCE\VSCANTM.BIN"...
2009-07-29, 17:12:57, Scanner "C:\DCE\VSCANTM.BIN" has finished running.
2009-07-29, 17:12:57, VSCANTM Log:

2009-07-29, 17:12:57, Files Detected:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/29/2009 17:10:23
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 327 (467822/467822 Patterns) (2009/07/28) (632700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\DCE\lpt$vpn.327

9413 files have been read.
9413 files have been checked.
9412 files have been scanned.
9590 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/29/2009 17:12:57 2 minutes 33 seconds (152.95 seconds) has elapsed.(16.249 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-29, 17:12:57, Files Clean:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/29/2009 17:10:23
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 327 (467822/467822 Patterns) (2009/07/28) (632700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\DCE\lpt$vpn.327

9413 files have been read.
9413 files have been checked.
9412 files have been scanned.
9590 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/29/2009 17:12:57 2 minutes 33 seconds (152.95 seconds) has elapsed.(16.249 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*
2009-07-29, 17:12:57, Clean Fail:
Copyright © 1990 - 2006 Trend Micro Inc.
Report Date : 7/29/2009 17:10:23
VSAPI Engine Version : 8.950-1092
VSCANTM Version : 3.00-1018 (Official Build)

VSGetVirusPatternInformation is invoked

Virus Pattern Version : 327 (467822/467822 Patterns) (2009/07/28) (632700)

Command Line: C:\DCE\VSCANTM.BIN /NBPM /S /CLEANALL /LD /LC /LCF /NM /NB /DCEGENCLEAN /HIDEDCECONSOLE /C /ACTIVEACTION=5 /VSBKENC+ /BK /LR D:\*.* /P=C:\DCE\lpt$vpn.327

9413 files have been read.
9413 files have been checked.
9412 files have been scanned.
9590 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At: 7/29/2009 17:12:57 2 minutes 33 seconds (152.95 seconds) has elapsed.(16.249 msec/file)
---------*---------*---------*---------*---------*---------*---------*---------*

Maurice Naggar, on Jul 29 2009, 02:21 AM, said:

and the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:22 PM, on 7/29/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\arp\AppData\Local\temp\Temp1_HiJackThis.zip\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
D:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6724 bytes


Maurice Naggar, on Jul 29 2009, 02:21 AM, said:

and advise me, How is your system now ?

It seems to be running fine. I can go where I want and scan and all that other stuff but I keep getting a pop up from Avira saying that I have TR/Crypt.ZPACK.Gen which is a Trojan.
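Added example, not part of this thread and not a HijackThis feature: the helper reads the HJT log above by eye, looking at O23 service entries marked "(file missing)" or "Unknown owner", O4 autoruns that launch from a temp folder, long random-looking driver names of the kind ComboFix quarantined earlier, and R0/R1 browser pages that point somewhere other than the OEM defaults. The script below applies those same checks to HJT-format lines. The rule thresholds (25-character driver names, go.microsoft.com as the only expected default page host) and every line in SAMPLE_LOG are assumptions constructed for the example, not taken from the log in this thread.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log layout. These are NOT lines from
# the thread above: every name, path and URL here is made up so that each
# rule below fires at least once.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.example.invalid/?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [updater] C:\Users\user\AppData\Local\Temp\updater.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Old Service (OldSvc) - Unknown owner - C:\Program Files\Gone\gone.exe (file missing)
O23 - Service: Tray Service (traysvc) - Unknown owner - C:\Windows\System32\traysvc.exe
O23 - Service: abcdefghijklmnopqrstuvwxyz012345 - Unknown owner - C:\Windows\System32\drivers\abcdefghijklmnopqrstuvwxyz012345.sys
"""

# "O23 - Service: <display name> - <owner> - <path>" and friends.
LINE_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
BROWSER_RE = re.compile(
    r"^(?P<key>.+?),(?P<setting>Start Page|Search Page|Default_Page_URL|Default_Search_URL) = (?P<url>.*)$")
# First quoted or unquoted executable path in a Run value; arguments are dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|sys|bat|cmd|scr|com))"?(?:\s|$)', re.I)

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
EXPECTED_HOSTS = {"go.microsoft.com"}  # assumption: the OEM default pages; extend for your image
LONG_DRIVER_NAME = 25                   # assumption: legitimate driver file names are shorter


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def _exe_of(cmd: str) -> str:
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def _check_service(body: str, line: str) -> Iterator[Finding]:
    m = SERVICE_RE.match(body)
    if not m:
        return
    path = m.group("path")
    if path.endswith("(file missing)"):
        yield Finding("orphaned-service", line)  # registration survives, binary is gone
        return
    base = path.rsplit("\\", 1)[-1]
    if "\\drivers\\" in path.lower() and len(base) >= LONG_DRIVER_NAME:
        yield Finding("long-driver-name", line)  # TDSS-style randomly named driver
    if m.group("owner") == "Unknown owner":
        yield Finding("no-vendor-info", line)    # no company string in the binary


def _check_run(body: str, line: str) -> Iterator[Finding]:
    m = RUN_RE.match(body)
    if not m:
        return
    if any(t in _exe_of(m.group("cmd")).lower() for t in TEMP_MARKERS):
        yield Finding("autorun-from-temp", line)


def _check_browser(body: str, line: str) -> Iterator[Finding]:
    m = BROWSER_RE.match(body)
    if not m:
        return
    url = m.group("url").strip()
    if url in ("", "about:blank"):
        return
    if (urlparse(url).hostname or "") not in EXPECTED_HOSTS:
        yield Finding("unexpected-browser-url", line)


CHECKS = {"O23": _check_service, "O4": _check_run, "R0": _check_browser, "R1": _check_browser}


def triage(log: str) -> List[Finding]:
    """Return the lines of an HJT-format log that merit a second look."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        check = CHECKS.get(m.group("kind"))
        if check:
            findings.extend(check(m.group("body"), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.line}")
```

The rules are heuristics for prioritising what to ask about, not verdicts: an "Unknown owner" service is often just an OEM helper without version resources, and a "(file missing)" entry is usually a leftover from an uninstall, exactly as the Symantec entry in the log above appears to be.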

#11
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 4,245 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
The next time Avira "fusses", be sure to note the exact file name (and folder location) of the file it is complaining about. Post that here (if it occurs again).

The HJT log looks fine.

See this topic in the AumHa Security Updates forum and get the latest Java run-time
http://aumha.net/vie...hp?f=26&t=41464

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: 1.6.0_15

=
You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start (Vista Orb) >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;

  • Approve the install of the required ActiveX Control, then follow on-screen instructions;

  • Enable (check) the Remove found threats option, and run the scan.

  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://www.eset.com/...c4.php?page=faq

    • From ESET Tech Support: If you have ESET NOD32 installed, you should disable it prior to running this scanner.
      Otherwise the scan will take twice as long to do:
      every time the ESET online scanner opens a file on your computer to scan it, NOD32 on your machine will rescan the file as a result.
    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Download RootRepeal:
http://rootrepeal.go.../RootRepeal.zip
  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.
=

Reply with copy of the Eset scan log
and the RootRepeal log
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#12
djdaddy

    New Member

  • Members
  • 9 posts

Maurice Naggar, on Jul 29 2009, 08:16 PM, said:

Reply with copy of the Eset scan log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=042a1aab1f33b549979ef402c3dd8e35
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-30 01:44:07
# local_time=2009-07-29 09:44:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1797 21 100 100 87517080000
# compatibility_mode=5889 61 66 100 324733678740159
# scanned=117264
# found=0
# cleaned=0
# scan_time=2263

Maurice Naggar, on Jul 29 2009, 08:16 PM, said:

and the RootRepeal log

This is what I got:

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x004298a0
Attempt to write to address: 0x00db9000

ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows Vista SP0
Exception Code: 0xc0000005
Exception Address: 0x77b31f2a
Attempt to read from address: 0x26b0bbc7

Every time I tried to run Root Repeal I got these logs and the error message "Root Repeal has stopped working".

#13
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 4,245 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
The Rootrepeal utility is touchy at times. Let's scratch that & not run it.
The Eset scan result is very encouraging.

Let's have you do this:
Remove Combofix and all its associated folders.
By whichever name you named it (you had named it combo-fix), put that name in the RUN box stated just below.
The "/u" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space after x and before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
  • Click Start, then click Run.

    In the command box that opens, type or copy/paste combo-fix /u and then click OK.

Next, Download SysProt Antirootkit from the link below:
http://sites.google....rotantirootkit/
It is at the bottom of the page under "Attachments".

Unzip it into a folder on your desktop.

  • Now, RIGHT-click Sysprot.exe and select Run as Administrator to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
    Open the text file and copy/paste the log here.

After that has finished, locate your OTL on your Desktop
Right-click on the file OTL.exe and choose Run As Administrator to start it.
Look at top left of screen, and press the Quick Scan button.
Have patience as it generates a new log.

Next, Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.
At this time of posting, the current definitions are # 2529 or later.

When done, click the Scanner tab.
Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

=

When done, reply with copy of the Sysprot log
and the new OTL.txt
and the latest MBAM scan log
and tell me, How is your system now ?

I expect we are just about done, except for cleaning up after the other tools we used.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#14
djdaddy

    New Member

  • Members
  • 9 posts

Maurice Naggar, on Jul 30 2009, 07:27 AM, said:

When done, reply with copy of the Sysprot log

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\Windows\System32\smss.exe
PID: 392
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 456
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wininit.exe
PID: 496
Hidden: No
Window Visible: No

Name: C:\Windows\System32\csrss.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\Windows\System32\services.exe
PID: 540
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsass.exe
PID: 552
Hidden: No
Window Visible: No

Name: C:\Windows\System32\lsm.exe
PID: 560
Hidden: No
Window Visible: No

Name: C:\Windows\System32\winlogon.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 768
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1088
Hidden: No
Window Visible: No

Name: C:\Windows\System32\audiodg.exe
PID: 1148
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1176
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SLsvc.exe
PID: 1208
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1268
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1392
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRYSVC.EXE
PID: 1564
Hidden: No
Window Visible: No

Name: C:\Windows\System32\BCMWLTRY.EXE
PID: 1576
Hidden: No
Window Visible: No

Name: C:\Windows\System32\spoolsv.exe
PID: 1656
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\sched.exe
PID: 1680
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PID: 1700
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\Windows\System32\dwm.exe
PID: 252
Hidden: No
Window Visible: Yes

Name: C:\Windows\explorer.exe
PID: 284
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 336
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 1988
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 2064
Hidden: No
Window Visible: Yes

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2108
Hidden: No
Window Visible: No

Name: C:\Windows\System32\igfxtray.exe
PID: 2120
Hidden: No
Window Visible: No

Name: C:\Windows\System32\hkcmd.exe
PID: 2148
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 2160
Hidden: No
Window Visible: No

Name: C:\Windows\System32\igfxpers.exe
PID: 2168
Hidden: No
Window Visible: No

Name: C:\Windows\System32\WLTRAY.EXE
PID: 2216
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PID: 2224
Hidden: No
Window Visible: No

Name: C:\Program Files\Dell\MediaDirect\PCMService.exe
PID: 2244
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PID: 2252
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 2288
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Motive\McciCMService.exe
PID: 2340
Hidden: No
Window Visible: No

Name: C:\Windows\System32\M-AudioTaskBarIcon.exe
PID: 2352
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PID: 2388
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Sidebar\sidebar.exe
PID: 2512
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\svchost.exe
PID: 2524
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PID: 2548
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehtray.exe
PID: 2564
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 2620
Hidden: No
Window Visible: No

Name: C:\Program Files\Digital Line Detect\DLG.exe
PID: 2724
Hidden: No
Window Visible: No

Name: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PID: 2780
Hidden: No
Window Visible: No

Name: C:\Windows\ehome\ehmsas.exe
PID: 2816
Hidden: No
Window Visible: No

Name: C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
PID: 2972
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3016
Hidden: No
Window Visible: No

Name: C:\Windows\System32\svchost.exe
PID: 3052
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchIndexer.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Windows\System32\drivers\XAudio.exe
PID: 3120
Hidden: No
Window Visible: No

Name: C:\Program Files\Canon\CAL\CALMAIN.exe
PID: 3272
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 3756
Hidden: No
Window Visible: No

Name: C:\Windows\System32\taskeng.exe
PID: 3764
Hidden: No
Window Visible: No

Name: C:\Windows\System32\alg.exe
PID: 3916
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 2192
Hidden: No
Window Visible: No

Name: C:\Windows\System32\wuauclt.exe
PID: 1248
Hidden: No
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 8692
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchProtocolHost.exe
PID: 11752
Hidden: No
Window Visible: No

Name: C:\Windows\System32\SearchFilterHost.exe
PID: 11796
Hidden: No
Window Visible: No

Name: C:\Users\arp\Desktop\SysProt\SysProt.exe
PID: 12128
Hidden: No
Window Visible: Yes

Name: C:\Windows\System32\taskeng.exe
PID: 12148
Hidden: No
Window Visible: No

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Users\arp\Desktop\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: 8A0FF000
Module End: 8A10A000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 81C00000
Module End: 81FA1000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: ---
Module Base: 81FA1000
Module End: 81FD5000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: ---
Module Base: 802C6000
Module End: 802CE000
Hidden: No

Module Name: C:\Windows\system32\mcupdate_GenuineIntel.dll
Service Name: ---
Module Base: 80266000
Module End: 802C6000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: ---
Module Base: 8025D000
Module End: 80266000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: ---
Module Base: 80255000
Module End: 8025D000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8021A000
Module End: 80255000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: ---
Module Base: 8051F000
Module End: 80600000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 804A4000
Module End: 8051F000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: 8020D000
Module End: 8021A000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80461000
Module End: 804A4000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: ---
Module Base: 80204000
Module End: 8020D000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80459000
Module End: 80461000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 80434000
Module End: 80459000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 80425000
Module End: 80434000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 80201000
Module End: 80204000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 8041B000
Module End: 80425000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 8040B000
Module End: 8041B000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 80404000
Module End: 8040B000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: ---
Module Base: 807F2000
Module End: 80800000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pciide.sys
Service Name: pciide
Module Base: 807EB000
Module End: 807F2000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 807A1000
Module End: 807EB000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 80799000
Module End: 807A1000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: ---
Module Base: 8077B000
Module End: 80799000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8074A000
Module End: 8077B000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8073A000
Module End: 8074A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: 80731000
Module End: 8073A000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 8062D000
Module End: 80731000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: ---
Module Base: 81BC7000
Module End: 81C00000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 81ABF000
Module End: 81BC7000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 81A55000
Module End: 81ABF000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 81A1F000
Module End: 81A55000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 81A17000
Module End: 81A1F000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 81A08000
Module End: 81A17000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 84FF1000
Module End: 85000000
Hidden: No

Module Name: C:\Windows\system32\Drivers\fsbts.sys
Service Name: fsbts
Module Base: 84FE5000
Module End: 84FF1000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 84FC0000
Module End: 84FE5000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 84FAF000
Module End: 84FC0000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: ---
Module Base: 84F8E000
Module End: 84FAF000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 84F85000
Module End: 84F8E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunnel.sys
Service Name: tunnel
Module Base: 8828D000
Module End: 88298000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tunmp.sys
Service Name: tunmp
Module Base: 85D52000
Module End: 85D5B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: 8827F000
Module End: 8828D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: 85D64000
Module End: 85D6D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: 8837F000
Module End: 88383000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\igdkmd32.sys
Service Name: igfx
Module Base: 88F52000
Module End: 89600000
Hidden: No

Module Name: C:\Windows\System32\drivers\dxgkrnl.sys
Service Name: DXGKrnl
Module Base: 88EB3000
Module End: 88F52000
Hidden: No

Module Name: C:\Windows\System32\drivers\watchdog.sys
Service Name: ---
Module Base: 88530000
Module End: 8853D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: 8825F000
Module End: 88271000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcmwl6.sys
Service Name: BCM43XX
Module Base: 8840A000
Module End: 88490000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: 88248000
Module End: 88253000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: 8820B000
Module End: 88248000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: 8985A000
Module End: 89868000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bcm4sbxp.sys
Service Name: bcm4sbxp
Module Base: 858C8000
Module End: 858D8000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ohci1394.sys
Service Name: ohci1394
Module Base: 85968000
Module End: 85978000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: 89868000
Module End: 89876000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: 88E9B000
Module End: 88EB3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimmptsk.sys
Service Name: rimmptsk
Module Base: 89892000
Module End: 898A0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rimsptsk.sys
Service Name: rimsptsk
Module Base: 88E87000
Module End: 88E9B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rixdptsk.sys
Service Name: rismxdp
Module Base: 88E36000
Module End: 88E87000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: 88E23000
Module End: 88E36000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: 89805000
Module End: 89830000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: 85DA2000
Module End: 85DA4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mouclass.sys
Service Name: mouclass
Module Base: 88200000
Module End: 8820B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\kbdclass.sys
Service Name: kbdclass
Module Base: 88303000
Module End: 8830E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdrom.sys
Service Name: cdrom
Module Base: 88E0B000
Module End: 88E23000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: 884B8000
Module End: 884C2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\msiscsi.sys
Service Name: iScsiPrt
Module Base: 89B15000
Module End: 89B40000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\storport.sys
Service Name: ---
Module Base: 89AD5000
Module End: 89B15000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: 88344000
Module End: 8834F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: 89ABE000
Module End: 89AD5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: 88395000
Module End: 883A0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: 89A9B000
Module End: 89ABE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: 8993D000
Module End: 8994C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: 89A88000
Module End: 89A9B000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: 8995B000
Module End: 8996A000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: 85DBC000
Module End: 85DBE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: 89A5E000
Module End: 89A88000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: 884C2000
Module End: 884CC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\umbus.sys
Service Name: umbus
Module Base: 885BF000
Module End: 885CC000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: 89A2A000
Module End: 89A5E000
Hidden: No

Module Name: C:\Windows\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: 85928000
Module End: 85938000
Hidden: No

Module Name: C:\Windows\system32\drivers\stwrt.sys
Service Name: STHDA
Module Base: 8A95D000
Module End: 8AA00000
Hidden: No

Module Name: C:\Windows\system32\drivers\portcls.sys
Service Name: ---
Module Base: 8A02D000
Module End: 8A05A000
Hidden: No

Module Name: C:\Windows\system32\drivers\drmk.sys
Service Name: ---
Module Base: 8A008000
Module End: 8A02D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSXHWAZL.sys
Service Name: HSXHWAZL
Module Base: 8A920000
Module End: 8A95D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_DPV.sys
Service Name: HSF_DPV
Module Base: 8A81D000
Module End: 8A920000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\HSX_CNXT.sys
Service Name: winachsf
Module Base: 8AF4C000
Module End: 8B000000
Hidden: No

Module Name: C:\Windows\system32\drivers\modem.sys
Service Name: Modem
Module Base: 885A5000
Module End: 885B2000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: 85C75000
Module End: 85C7C000
Hidden: No

Module Name: C:\Windows\System32\drivers\vga.sys
Service Name: vga
Module Base: 89BDC000
Module End: 89BE8000
Hidden: No

Module Name: C:\Windows\System32\drivers\VIDEOPRT.SYS
Service Name: ---
Module Base: 8AF2B000
Module End: 8AF4C000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: 85CEA000
Module End: 85CF2000
Hidden: No

Module Name: C:\Windows\system32\drivers\rdpencdd.sys
Service Name: RDPENCDD
Module Base: 85D02000
Module End: 85D0A000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: 89876000
Module End: 89884000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: 85D1C000
Module End: 85D25000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8AE39000
Module End: 8AF0B000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: ---
Module Base: 8AE20000
Module End: 8AE39000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\tdx.sys
Service Name: tdx
Module Base: 8AE0B000
Module End: 8AE20000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\smb.sys
Service Name: Smb
Module Base: 8B1EC000
Module End: 8B200000
Hidden: No

Module Name: C:\Windows\system32\drivers\afd.sys
Service Name: AFD
Module Base: 8B1A5000
Module End: 8B1EC000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\netbt.sys
Service Name: netbt
Module Base: 8B173000
Module End: 8B1A5000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\pacer.sys
Service Name: PSched
Module Base: 8B15D000
Module End: 8B173000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: 88271000
Module End: 8827F000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: 8B14A000
Module End: 8B15D000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: 883B8000
Module End: 883BE000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rdbss.sys
Service Name: rdbss
Module Base: 8B10F000
Module End: 8B14A000
Hidden: No

Module Name: C:\Windows\system32\drivers\nsiproxy.sys
Service Name: nsiproxy
Module Base: 884D6000
Module End: 884E0000
Hidden: No

Module Name: C:\Windows\System32\Drivers\dfsc.sys
Service Name: DfsC
Module Base: 8B0B8000
Module End: 8B0CF000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: 8B09C000
Module End: 8B0B8000
Hidden: No

Module Name: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Service Name: avgio
Module Base: 85DB6000
Module End: 85DB8000
Hidden: No

Module Name: C:\Windows\System32\Drivers\crashdmp.sys
Service Name: ---
Module Base: 885E6000
Module End: 885F3000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8A0DE000
Module End: 8A0E9000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 85CD2000
Module End: 85CDA000
Hidden: Yes

Module Name: C:\Windows\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: 884EA000
Module End: 884F4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\monitor.sys
Service Name: monitor
Module Base: 859D8000
Module End: 859E7000
Hidden: No

Module Name: C:\Windows\system32\drivers\luafv.sys
Service Name: luafv
Module Base: A2C95000
Module End: A2CB0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\avgntflt.sys
Service Name: avgntflt
Module Base: A2C81000
Module End: A2C95000
Hidden: No

Module Name: C:\Windows\system32\drivers\spsys.sys
Service Name: ---
Module Base: A4972000
Module End: A4A00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\lltdio.sys
Service Name: lltdio
Module Base: 859C4000
Module End: 859D4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\nwifi.sys
Service Name: NativeWifiP
Module Base: A4947000
Module End: A4972000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: 8849A000
Module End: 884A4000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\rspndr.sys
Service Name: rspndr
Module Base: A3E05000
Module End: A3E18000
Hidden: No

Module Name: C:\Windows\system32\drivers\HTTP.sys
Service Name: HTTP
Module Base: A599A000
Module End: A5A00000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srvnet.sys
Service Name: srvnet
Module Base: A4816000
Module End: A4831000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\bowser.sys
Service Name: bowser
Module Base: A586E000
Module End: A5887000
Hidden: No

Module Name: C:\Windows\System32\drivers\mpsdrv.sys
Service Name: mpsdrv
Module Base: A4802000
Module End: A4816000
Hidden: No

Module Name: C:\Windows\system32\drivers\mrxdav.sys
Service Name: MRxDAV
Module Base: A584E000
Module End: A586E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Name: mrxsmb
Module Base: A5830000
Module End: A584E000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Service Name: mrxsmb10
Module Base: A69C7000
Module End: A6A00000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Name: mrxsmb20
Module Base: A581E000
Module End: A5830000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv2.sys
Service Name: srv2
Module Base: A69A3000
Module End: A69C7000
Hidden: No

Module Name: C:\Windows\System32\DRIVERS\srv.sys
Service Name: srv
Module Base: A682C000
Module End: A6878000
Hidden: No

Module Name: \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
Service Name: dsunidrv
Module Base: 91854000
Module End: 91856000
Hidden: No

Module Name: C:\Windows\System32\Drivers\fastfat.SYS
Service Name: fastfat
Module Base: A3F98000
Module End: A3FC0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: A8F2C000
Module End: A8F30000
Hidden: No

Module Name: C:\Windows\system32\drivers\peauth.sys
Service Name: PEAUTH
Module Base: A3E7A000
Module End: A3F58000
Hidden: No

Module Name: C:\Windows\System32\Drivers\secdrv.SYS
Service Name: secdrv
Module Base: 884AE000
Module End: 884B8000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpipreg.sys
Service Name: tcpipreg
Module Base: 8A0A7000
Module End: 8A0B2000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\xaudio.sys
Service Name: XAudio
Module Base: A2D98000
Module End: A2DA0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\ipnat.sys
Service Name: IPNAT
Module Base: A6806000
Module End: A682C000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\cdfs.sys
Service Name: cdfs
Module Base: A419A000
Module End: A41B0000
Hidden: No

Module Name: \??\C:\Windows\system32\drivers\rootrepeal.sys
Service Name: rootrepeal
Module Base: 89B88000
Module End: 89B94000
Hidden: Yes

Module Name: C:\Windows\System32\Drivers\Null.SYS
Service Name: Null
Module Base: 85C6E000
Module End: 85C75000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: 8A0C8000
Module End: 8A0D3000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwCreateThread
Address: 8A160F14
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: 8A160F00
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: 8A160F05
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: 8A160F0F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: ARP-PC:51233
Remote Address: IW-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51232
Remote Address: IW-IN-F100.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51231
Remote Address: IY-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51230
Remote Address: IY-IN-F103.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51229
Remote Address: IY-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51228
Remote Address: IY-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51226
Remote Address: IY-IN-F101.GOOGLE.COM:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:49167
Remote Address: 198.63.203.17:HTTP
Type: TCP
Process: C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
State: CLOSE_WAIT

Local Address: ARP-PC:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: ARP-PC:51144
Remote Address: LOCALHOST:51143
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51143
Remote Address: LOCALHOST:51144
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51141
Remote Address: LOCALHOST:51140
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:51140
Remote Address: LOCALHOST:51141
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: ARP-PC:49161
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: ARP-PC:27015
Remote Address: LOCALHOST:49161
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: ARP-PC:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: ARP-PC:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: ARP-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: ARP-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: ARP-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ARP-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ARP-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ARP-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: ARP-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: ARP-PC:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ARP-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ARP-PC:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: ARP-PC:68
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:59615
Remote Address: NA
Type: UDP
Process: C:\Program Files\Windows Sidebar\sidebar.exe
State: NA

Local Address: ARP-PC:54989
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:54553
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:49414
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:49153
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:58801
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ARP-PC:53685
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: ARP-PC:49413
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: ARP-PC:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Maurice Naggar, on Jul 30 2009, 07:27 AM, said:

and the new OTL.txt

OTL logfile created on: 7/30/2009 12:02:37 PM - Run 2
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Users\arp\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.82 Mb Total Physical Memory | 307.49 Mb Available Physical Memory | 30.33% Memory free
2.23 Gb Paging File | 1.13 Gb Available in Paging File | 50.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.59 Gb Total Space | 59.63 Gb Free Space | 63.04% Space Free | Partition Type: NTFS
Drive D: | 15.14 Gb Total Space | 10.26 Gb Free Space | 67.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ARP-PC
Current User Name: arp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2006/11/27 18:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2006/11/27 18:55:48 | 01,716,224 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/10/29 02:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/07/19 01:21:19 | 01,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/17 19:52:40 | 00,815,104 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/11/15 14:08:02 | 00,098,304 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2006/11/15 14:07:56 | 00,106,496 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/11/15 14:07:58 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2006/11/27 18:56:02 | 01,540,096 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/05/02 19:16:54 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/23 10:45:29 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/05/15 17:45:26 | 00,356,864 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/19 01:17:35 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/11/02 08:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2006/11/02 08:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/02/20 05:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2006/11/02 08:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2007/02/08 01:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
PRC - [2006/11/11 19:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/29 17:53:32 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/15 20:18:32 | 00,145,408 | ---- | M] () -- C:\Users\arp\Desktop\SysProt\SysProt.exe
PRC - [2009/07/26 19:08:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\arp\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2008/07/27 14:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/11/07 14:27:02 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/19 01:12:35 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2006/11/02 05:46:13 | 00,989,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
SRV - [2008/09/23 10:45:29 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2008/06/19 21:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/11/05 12:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 12:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2007/02/08 01:11:00 | 00,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2007/07/11 10:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/07/19 01:21:19 | 00,265,912 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2006/11/27 18:56:04 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2006/11/02 08:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2006/11/11 19:10:40 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/14 15:09:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/29 17:53:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/29 17:53:49 | 00,000,000 | ---D | M]

[2009/06/14 13:02:13 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\mozilla\Extensions
[2009/06/14 13:02:13 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/14 13:02:13 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\mozilla\Firefox\Profiles\6yvb1knh.default\extensions
[2009/06/14 13:01:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/29 17:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/29 17:53:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/29 17:53:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/29 17:53:34 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/17 22:11:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/02 19:18:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/02 19:18:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/02 19:18:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/02 19:18:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/02 19:18:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/02 19:18:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/02 19:18:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/30 11:54:24 | 00,000,000 | ---D | C] -- C:\Users\arp\Desktop\SysProt
[2009/07/29 23:17:17 | 00,000,000 | ---D | C] -- C:\ROOTREPEAL
[2009/07/29 20:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/29 20:49:56 | 00,012,803 | ---- | C] () -- C:\Users\arp\Desktop\onlinescan.htm
[2009/07/29 13:28:57 | 00,318,369 | ---- | C] () -- C:\Users\arp\Desktop\HiJackThis.zip
[2009/07/29 13:27:08 | 00,010,945 | ---- | C] () -- C:\Users\arp\Desktop\download.htm
[2009/07/29 13:09:26 | 00,000,493 | ---- | C] () -- C:\Users\arp\Desktop\lpt327.zip - Shortcut.lnk
[2009/07/29 12:31:45 | 00,000,000 | ---D | C] -- C:\DCE
[2009/07/29 12:08:01 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Roaming\Malwarebytes
[2009/07/29 01:11:32 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/28 19:56:20 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Local\temp
[2009/07/28 19:49:26 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/07/28 19:47:16 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/07/27 20:49:43 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Tango.lnk
[2009/07/27 20:49:40 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/27 20:49:38 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/27 20:49:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/27 20:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/27 20:28:54 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/27 19:35:43 | 00,000,000 | ---D | C] -- C:\Users\arp\Desktop\f-downadup
[2009/07/27 19:35:17 | 00,026,624 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2009/07/27 19:32:10 | 05,720,072 | ---- | C] () -- C:\Users\arp\Desktop\f-downadup.zip
[2009/07/27 19:30:08 | 00,000,000 | ---D | C] -- C:\Users\arp\Desktop\FixPolicies
[2009/07/27 19:29:06 | 00,185,065 | ---- | C] () -- C:\Users\arp\Desktop\FixPolicies.exe
[2009/07/27 08:23:23 | 04,026,973 | -H-- | C] () -- C:\Users\arp\AppData\Local\IconCache.db
[2009/07/27 08:16:38 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/27 07:56:41 | 00,005,568 | ---- | C] () -- C:\Users\arp\AppData\Local\d3d9caps.dat
[2009/07/26 19:26:09 | 00,562,539 | ---- | C] () -- C:\Users\arp\Desktop\SecurityCheck.exe
[2009/07/26 19:10:18 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/07/26 19:08:20 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\arp\Desktop\OTL.exe
[2009/07/25 23:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/25 23:31:46 | 00,056,342 | ---- | C] () -- C:\Users\arp\Desktop\3001-8022_4-10227353.html
[2009/07/25 22:10:24 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/25 22:09:57 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/07/25 22:09:57 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/07/25 22:09:56 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/07/25 22:09:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/07/25 22:09:47 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/25 21:50:41 | 00,219,648 | ---- | C] () -- C:\Windows\PEV.exe
[2009/07/25 21:50:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/07/25 21:50:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/07/25 21:50:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/07/25 21:50:41 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/07/25 21:50:41 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/07/25 21:50:41 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/07/25 21:50:41 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/07/25 21:50:39 | 00,000,000 | --SD | C] -- C:\fixme
[2009/07/25 21:50:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/25 21:49:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/25 21:30:14 | 32,299,960 | ---- | C] () -- C:\Users\arp\Desktop\avira_antivir_personal_en.exe
[2009/07/25 20:52:54 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Tango.exe.lnk
[2009/07/20 01:22:10 | 00,356,864 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
[2009/07/20 01:22:10 | 00,252,424 | ---- | C] (M-Audio, an Avid Technology, Inc. company) -- C:\Windows\System32\M-AudioFastTrackProControlPanelApplet.cpl
[2009/07/20 01:22:10 | 00,143,624 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\drivers\mausb.sys
[2009/07/20 01:22:09 | 02,519,712 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\madiousb.dll
[2009/07/20 01:22:09 | 00,028,680 | ---- | C] (Avid Technology, Inc.) -- C:\Windows\System32\mausbasio.dll
[2009/07/20 01:21:34 | 00,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2009/07/20 01:21:29 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Roaming\InstallShield
[2009/07/20 00:45:12 | 00,000,968 | ---- | C] () -- C:\Users\arp\Desktop\Service Center.lnk
[2009/07/20 00:39:40 | 00,000,000 | ---D | C] -- C:\Users\arp\AppData\Local\Native Instruments
[2009/07/20 00:37:57 | 54,473,768 | ---- | C] () -- C:\Users\arp\Desktop\Traktor 3 LE 3.3.2 Setup.exe
[2009/07/16 19:30:37 | 00,001,612 | ---- | C] () -- C:\Users\arp\Documents\songlist.rtf
[2009/07/16 19:06:27 | 05,074,718 | ---- | C] () -- C:\Users\arp\Documents\Young Jeezy feat. Akon - Soul Survivor (Promo Only Clean E.mp3
[2009/07/16 19:06:26 | 04,198,118 | ---- | C] () -- C:\Users\arp\Documents\Young Gunz Chingy - Can't Stop, Won't Stop (Remix).mp3
[2009/07/16 19:06:24 | 06,403,781 | ---- | C] () -- C:\Users\arp\Documents\Young Dro ft. T.I.- shoulder lean (clean).mp3
[2009/07/16 19:06:22 | 08,331,331 | ---- | C] () -- C:\Users\arp\Documents\Young Buck - Shorty Wanna Ride (radio edit).mp3
[2009/07/16 19:06:20 | 05,487,872 | ---- | C] () -- C:\Users\arp\Documents\Ying Yang Twins ft Mike Jones - Badd (Clean).mp3
[2009/07/16 19:06:17 | 05,760,775 | ---- | C] () -- C:\Users\arp\Documents\Ying Yang Twins ft.Pitbull - Shake (clean).mp3

========== Files - Modified Within 14 Days ==========

[2009/07/30 11:39:53 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/30 11:39:53 | 00,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/30 01:03:08 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{C274274C-00E4-4C0A-8439-CA19CA6D84F4}.job
[2009/07/29 21:00:01 | 00,000,396 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2009/07/29 20:49:58 | 00,012,803 | ---- | M] () -- C:\Users\arp\Desktop\onlinescan.htm
[2009/07/29 17:46:11 | 00,716,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/29 17:46:11 | 00,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/29 17:46:11 | 00,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/29 17:40:33 | 00,000,427 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/07/29 17:39:54 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/29 17:39:49 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/29 17:37:58 | 04,026,973 | -H-- | M] () -- C:\Users\arp\AppData\Local\IconCache.db
[2009/07/29 13:29:02 | 00,318,369 | ---- | M] () -- C:\Users\arp\Desktop\HiJackThis.zip
[2009/07/29 13:27:10 | 00,010,945 | ---- | M] () -- C:\Users\arp\Desktop\download.htm
[2009/07/29 13:09:26 | 00,000,493 | ---- | M] () -- C:\Users\arp\Desktop\lpt327.zip - Shortcut.lnk
[2009/07/28 19:49:43 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/07/28 19:49:22 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/27 20:49:43 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Tango.lnk
[2009/07/27 19:35:17 | 00,026,624 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
[2009/07/27 19:34:14 | 05,720,072 | ---- | M] () -- C:\Users\arp\Desktop\f-downadup.zip
[2009/07/27 19:29:16 | 00,185,065 | ---- | M] () -- C:\Users\arp\Desktop\FixPolicies.exe
[2009/07/27 19:27:00 | 00,005,568 | ---- | M] () -- C:\Users\arp\AppData\Local\d3d9caps.dat
[2009/07/26 19:26:28 | 00,562,539 | ---- | M] () -- C:\Users\arp\Desktop\SecurityCheck.exe
[2009/07/26 19:08:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\arp\Desktop\OTL.exe
[2009/07/25 23:31:47 | 00,056,342 | ---- | M] () -- C:\Users\arp\Desktop\3001-8022_4-10227353.html
[2009/07/25 22:10:24 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/07/25 21:43:45 | 32,299,960 | ---- | M] () -- C:\Users\arp\Desktop\avira_antivir_personal_en.exe
[2009/07/25 21:16:58 | 00,012,288 | ---- | M] () -- C:\Users\arp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/25 20:52:54 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Tango.exe.lnk
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009/07/20 00:45:12 | 00,000,968 | ---- | M] () -- C:\Users\arp\Desktop\Service Center.lnk
[2009/07/20 00:38:01 | 54,473,768 | ---- | M] () -- C:\Users\arp\Desktop\Traktor 3 LE 3.3.2 Setup.exe
[2009/07/20 00:37:07 | 00,001,665 | ---- | M] () -- C:\Users\arp\Documents\budget0709.rtf
[2009/07/16 19:30:37 | 00,001,612 | ---- | M] () -- C:\Users\arp\Documents\songlist.rtf

========== LOP Check ==========

[2009/07/29 12:08:01 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming
[2009/07/06 22:46:20 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Corel
[2009/07/04 12:41:38 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\CyberLink
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Media Center Programs
[2009/06/14 12:56:00 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Motive
[2009/06/14 21:40:26 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\Move Networks
[2009/06/23 21:48:43 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\MusicNet
[2009/07/14 01:25:27 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming\ZoomBrowser EX
[2009/07/29 21:00:01 | 00,000,396 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2009/07/29 17:39:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/29 17:38:34 | 00,027,430 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/30 01:03:08 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C274274C-00E4-4C0A-8439-CA19CA6D84F4}.job

========== Purity Check ==========


< End of report >

Maurice Naggar, on Jul 30 2009, 07:27 AM, said:

and the latest MBAM scan log

Malwarebytes' Anti-Malware 1.39
Database version: 2530
Windows 6.0.6000

7/30/2009 12:21:53 PM
mbam-log-2009-07-30 (12-21-53).txt

Scan type: Quick Scan
Objects scanned: 80972
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Maurice Naggar, on Jul 30 2009, 07:27 AM, said:

and tell me, How is your system now ?

It is running great! I cannot thank you enough!
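
The OTL file and folder listing in the log above has a fixed line layout (timestamp, size, attribute flags, M/C marker, company, path). As an added example that is not part of this thread or of OTL itself, the Python below parses that layout into records so a log can be queried for recently modified files, hidden files and Task Scheduler .job files instead of being read by eye. The sample lines are a constructed excerpt in the same format; the meaning of the four attribute positions (read-only, hidden, system, directory) and of the M/C marker are assumptions about OTL's output rather than something the thread states.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a few lines copied in the OTL listing format (not the full report above).
SAMPLE_LOG = r"""
[2009/07/25 20:52:54 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Tango.exe.lnk
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009/07/29 12:08:01 | 00,000,000 | ---D | M] -- C:\Users\arp\AppData\Roaming
[2009/07/29 17:39:54 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/30 01:03:08 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C274274C-00E4-4C0A-8439-CA19CA6D84F4}.job
"""

# One listing line: [timestamp | size | attributes | M] (company) -- path
# Directory lines omit the "(company)" part, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four flag positions; assumed to mean R/H/S/D (read-only, hidden, system, directory)
    kind: str       # "M": timestamp is the modified time, "C": created time (assumption about OTL output)
    company: str    # version-info company field; empty when OTL prints "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_line(line: str) -> OtlEntry | None:
    """Return an OtlEntry for one listing line, or None for section headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def parse_log(text: str) -> list[OtlEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def modified_within(entries: list[OtlEntry], report_time: datetime, days: int) -> list[OtlEntry]:
    """Files (not folders) whose timestamp falls within `days` before the report, newest first."""
    cutoff = report_time - timedelta(days=days)
    hits = [e for e in entries if not e.is_dir and e.timestamp >= cutoff]
    return sorted(hits, key=lambda e: e.timestamp, reverse=True)


def hidden_files(entries: list[OtlEntry]) -> list[str]:
    """Hidden files: a helper usually checks why a file was given the hidden attribute."""
    return [e.path for e in entries if e.is_hidden and not e.is_dir]


def scheduled_task_jobs(entries: list[OtlEntry]) -> list[str]:
    """Task Scheduler .job files: they re-run whatever they point at, so they are worth a look."""
    return [e.path for e in entries if e.path.lower().endswith(".job")]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    # The newest sample timestamp stands in for the time the report was produced.
    report_time = max(e.timestamp for e in entries)
    for e in modified_within(entries, report_time, days=2):
        flag = "H" if e.is_hidden else "-"
        print(f"{e.timestamp:%Y-%m-%d %H:%M:%S}  {e.size:>8}  {flag}  {e.path}")
    print("hidden:", hidden_files(entries))
    print("tasks :", scheduled_task_jobs(entries))
```

Pasting a complete OTL report into `parse_log` works as-is: the section headers and the "< End of report >" line do not match the pattern and are skipped.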

#15
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 4,245 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
OK ! You are good to go after the following:

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present

Quote

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!


  • Please RIGHT-click OTL.exe and select Run as Administrator to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

Delete the Sysclean downloads and the C:\DCE folder
Delete the C:\ROOTREPEAL folder, if still present
Delete Sysprot on your Desktop, if present
Delete the f-downadup folder on your Desktop and f-downadup.zip
Delete the folder C:\$RECYCLE.BIN


As your antivirus is Avira & this did not appear to have Norton Symantec AV, but rather remainders,
I suggest you get and run the Norton/Symantec Removal Tool from this link
http://service1.symantec.com/Support/tsgen...005033108162039

=

  • See and do the steps outlined at this next link, to cleanup old system restore points and do a disk cleanup
    http://bertk.mvps.or...skcleanupv.html

  • You may reset your Windows Explorer {My Computer} Folder Options > VIEW settings back to where they had been before. {under hidden files & folders to not show hidden or system files -and- to "hide protected operating system files" }

  • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

  • Check in at Windows Update and install any Critical Updates offered.

  • Make certain that Automatic Updates is enabled.


  • Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)

  • Make regular backups of your system to removable media: DVD, USB external hard drive, etc.

    On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
    Kaspersky Webscan Online Virus Scanner

    ESET Online Scanner

    Panda ActiveScan

    Trend Micro Housecall

    F-Secure Online Scanner

  • Read Tony Klein's article How Did I Get Infected In The First Place

  • Never, ever download free games, free tools, smileys, or anything free unless you can be absolutely sure the source is safe !

    Finally, spend some time reading about how to keep your computer safe on the Internet: http://www.bleepingc...tutorial82.html
We are finished here. Best regards. :)
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
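
The O4 line the helper asks to have fixed is a HijackThis listing of a Run value whose files are left over from an uninstalled product. As an added example, not from this thread or from HijackThis, the Python below parses an O4 line into its registry key, value name and command-line tokens, then reports which of the files it names are no longer on disk, which is what makes an entry a leftover rather than a working autorun. The list of files "present on disk" is constructed for the example (here the service executable is assumed to survive and the DLL it loads is assumed to be gone); on a real machine it would be replaced by an existence check.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis abbreviates the autorun locations: an O4 line with "HKLM\..\Run" refers to
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run (HKCU likewise for the current user).
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Command-line tokens: either a double-quoted run or a bare run of non-whitespace.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
# A token that looks like an absolute Windows path (drive letter plus backslash).
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# The O4 line quoted in the post above.
SAMPLE_O4 = (
    r'O4 - HKLM\..\Run: [Symantec PIF AlertEng] '
    r'"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" '
    r'/a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"'
)

# Constructed inventory of files that still exist on disk (made up for the example: the
# executable survived the uninstall, the DLL it is told to load did not).
PRESENT_FILES = {
    r"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe",
}


@dataclass(frozen=True)
class AutorunEntry:
    key: str            # e.g. HKLM\..\Run
    name: str           # registry value name, shown in [brackets] by HijackThis
    command: str        # full command line as listed
    tokens: tuple       # command line split into tokens, quotes removed

    @property
    def image(self) -> str:
        """The program the Run value launches (first token of the command line)."""
        return self.tokens[0] if self.tokens else ""

    @property
    def referenced_files(self) -> list[str]:
        """Every token that is an absolute path: the image plus any file passed as an argument."""
        return [t for t in self.tokens if PATH_RE.match(t)]


def parse_o4(line: str) -> AutorunEntry | None:
    """Parse one HijackThis O4 line; returns None for lines of any other type."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    tokens = tuple(quoted or bare for quoted, bare in TOKEN_RE.findall(m["cmd"]))
    return AutorunEntry(m["key"], m["name"], m["cmd"], tokens)


def dangling_references(entry: AutorunEntry, present_files) -> list[str]:
    """Paths the entry names that do not exist: the mark of an uninstall leftover."""
    present = {p.lower() for p in present_files}
    return [p for p in entry.referenced_files if p.lower() not in present]


def triage(lines, present_files) -> dict[str, list[str]]:
    """Map each O4 value name to the files it references that are missing (empty list = intact)."""
    report = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            report[entry.name] = dangling_references(entry, present_files)
    return report


if __name__ == "__main__":
    for name, missing in triage([SAMPLE_O4], PRESENT_FILES).items():
        status = "leftover, points at missing file(s)" if missing else "intact"
        print(f"[{name}] {status}")
        for path in missing:
            print("   missing:", path)
```

Only paths given in full are checked; a Run value that names a bare executable resolved through the search path would need an extra lookup, which this example does not attempt.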

#16
djdaddy

    New Member

  • Members
  • Pip
  • 9 posts

Maurice Naggar, on Jul 30 2009, 02:08 PM, said:

OK ! You are good to go after the following:

Start HijackThis. Look for these lines and place a checkmark against each of the following, if still present
Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer (& or any other window) is closed when you click Fix Checked!


  • Please RIGHT-click OTL.exe and select Run as Administrator to run it.
  • Click on the CleanUp! button at upper Right corner. When you do this a text file named cleanup.txt will be downloaded from the internet. If you get a warning from your firewall or other security programs regarding OTL attempting to contact the internet you should allow it to do so. After the list has been downloaded you'll be asked if you want to Begin cleanup process? Select Yes.
  • This step removes the files, folders, and shortcuts created by the tools I had you download and run.

Delete the Sysclean downloads and the C:\DCE folder
Delete the C:\ROOTREPEAL folder, if still present
Delete Sysprot on your Desktop, if present
Delete the f-downadup folder on your Desktop and f-downadup.zip
Delete the folder C:\$RECYCLE.BIN


As your antivirus is Avira & this did not appear to have Norton Symantec AV, but rather remainders,
I suggest you get and run the Norton/Symantec Removal Tool from this link
http://service1.symantec.com/Support/tsgen...005033108162039

=

  • See and do the steps outlined at this next link, to cleanup old system restore points and do a disk cleanup
    http://bertk.mvps.or...skcleanupv.html

  • You may reset your Windows Explorer {My Computer} Folder Options > VIEW settings back to where they had been before. {under hidden files & folders to not show hidden or system files -and- to "hide protected operating system files" }

  • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

  • Check in at Windows Update and install any Critical Updates offered.

  • Make certain that Automatic Updates is enabled.


  • Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)

  • Make regular backups of your system to removable media: DVD, USB external hard drive, etc.

    On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
    Kaspersky Webscan Online Virus Scanner

    ESET Online Scanner

    Panda ActiveScan

    Trend Micro Housecall

    F-Secure Online Scanner

  • Read Tony Klein's article How Did I Get Infected In The First Place

  • Never, ever download free games, free tools, smileys, or anything free unless you can be absolutely sure the source is safe !

    Finally, spend some time reading about how to keep your computer safe on the Internet: http://www.bleepingc...tutorial82.html
We are finished here. Best regards. :)

Thank you so much! This is my backup computer for my DJ business. If you are anywhere near Ohio and need a DJ for an event, let me know. I'd be happy to hook you up. Go to www.mr-djs.com to take a look.

#17
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 4,245 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
You are welcome. Glad it worked out.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
